Language Selection

English French German Italian Portuguese Spanish

Security: Purism, SLAPP, Windows Servers, Windows at SMBs and More

Filed under
Security
  • Tamper-evident Boot Update: Making Heads More Usable

    We announced not too long ago that we have successfully integrated the tamper-evident boot software Heads into our Librem laptops. Heads secures the boot process so that you can trust that the BIOS and the rest of the boot process hasn’t been tampered with, but with keys that are fully under your control.

    Heads is cutting edge software and provides a level of security beyond what you would find in a regular computer. Up to this point though, its main user base are expert-level users who are willing to hardware flash their BIOS. The current user interface is also geared more toward those expert users with command-line scripts that make the assumption that you know a fair amount about how Heads works under the hood.

  • Keeper Security Reminds Everyone Why You Shouldn't Use It; Doubles Down On Suing Journalist

    Back in December, we wrote about a blatant SLAPP suit filed by Keeper Security against Ars Technica and its reporter Dan Goodin. Keeper makes a password manager product, and Goodin wrote an article, based on a flaw discovered by Google's Tavis Ormandy. The flaw impacted the browser extension that works with Keeper's application. Keeper took offense to certain elements of the article, and in particular to the idea that Microsoft had forced people to install the flawed software (since the flaw was actually in the browser extension, which is optional). Keeper Security also felt that the article implied that users of its software were vulnerable to a broad attack that put their passwords at risk, when the details suggested it was a more narrow (but still pretty bad) flaw that would require a specific set of circumstances to expose passwords, and there was no evidence that such a set of circumstances existed.

  • New cryptojacking attack uses Redis and NSA exploits to infect machines

    After the script completed the Redis scan, it launches another scan process named “ebscan.sh”. This time the new process uses the masscan tool to discover and infect publicly available Windows servers with the vulnerable SMB version.

  • Cyberattack risks mounting for Aussie SMBs: report

    It’s only a matter of time before Australian small businesses are hit hard by a cybersecurity attack but there are things they can do to protect themselves, according to a newly published security report.

  • Stack-register Checking

    Recently, Theo de Raadt (deraadt@) described a new type of mitigation he has been working on together with Stefan Kempf (stefan@)...

More in Tux Machines

LAS 2018

  • LAS 2018
    This month I was at my second Libre Application Summit in Denver. A smaller event than GUADEC but personally was my favorite conference so far. One of the main goals of LAS has been to be a place for multiple platforms to discuss the desktop space and not just be a GNOME event. This year two KDE members, @aleixpol and Albert Astals Cid, who spoke about release cycle of KDE Applications, Plasma, and the history of Qt. It is always interesting to see how another project solves the same problems and where there is overlap. The elementary folks were there since this is @cassidyjames home turf who had a great “It’s Not Always Techincal” talk as well as a talk with @danrabbit about AppCenter which are both very important areas the GNOME Project needs to improve in. I also enjoyed meeting a few other community members such as @Philip-Scott and talk about their use of elementary’s platform.
  • Developer Center Initiative – Meeting Summary 21st September
    Since last blog post there’s been two Developer Center meetings held in coordination with LAS GNOME Sunday the 9th September and again Friday the 21st September. Unfortunately I couldn’t attend the LAS GNOME meeting, but I’ll cover the general progress made here.

The "Chinese EPYC" Hygon Dhyana CPU Support Still Getting Squared Away For Linux

Back in June is when the Linux kernel patches appeared for the Hygon Dhyana, the new x86 processors based on AMD Zen/EPYC technology licensed by Chengdu Haiguang IC Design Co for use in Chinese data-centers. While the patches have been out for months, they haven't reached the mainline kernel quite yet but that might change next cycle. The Hygon Dyhana Linux kernel patches have gone through several revisions and the code is mostly adapting existing AMD Linux kernel code paths for Zen/EPYC to do the same on these new processors. While these initial Hygon CPUs appear to basically be re-branded EPYC CPUs, the identifiers are different as rather than AMD Family 17h, it's now Family 18h and the CPU Vendor ID is "HygonGenuine" and carries a new PCI Express device vendor ID, etc. So the different areas of the kernel from CPUFreq to KVM/Xen virtualization to Spectre V2 mitigations had to be updated for the correct behavior. Read more

Good Support For Wayland Remote Desktop Handling On Track For KDE Plasma 5.15

The KDE Plasma 5.15 release due out next year will likely be in good shape for Wayland remote desktop handling. The KDE Plasma/KWin developers have been pursuing Wayland remote desktop support along a similar route to the GNOME Shell camp by making use of PipeWire and the XDG-Desktop-Portal. Bits are already in place for KDE Plasma 5.13 and the upcoming 5.14 release, but for the 5.15 release is now where it sounds like the support may be in good shape for end-users. Read more

Linux developers threaten to pull “kill switch”

Linux powers the internet, the Android in your pocket, and perhaps even some of your household appliances. A controversy over politics is now seeing some of its developers threatening to withdraw the license to all of their code, potentially destroying or making the whole Linux kernel unusable for a very long time. Read more